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REMARKS 

This Amendment and the following remarks are intended to fully respond to the non-final 
Office Action mailed May 16, 2008. In this Response, claims 1-4, 7, 9-14, 18, 23, 24, 28, and 29 
are amended to clarify the subject matter of these claims. Claims 5, 6, 8, 15-17, 19-22, and 25- 
27 are canceled. Claims 1-4, 7, 9-14, 18, 23, 24, 28 and 29 remain present for examination. 
Reconsideration and allowance are requested for at least the following reasons. 

Rejections Under 35 USC § 103 
I. Herrmann, He, and Rosen 

Claims 1-3, 7, 10-14, 18, 23, 24, 28, and 29 are rejected under 35 USC § 103(a) as being 
unpatentable over the Herrmann et al. (U.S. Patent Application Publication No. 2004/0107360, 
hereinafter "Herrmann") in view of He et al. (U.S. Patent No. 6,088,451, hereinafter "He") and 
in further view of Rosen (U.S. Patent No. 5,557,518). This rejection is respectfully traversed, 
and the correctness of the rejection is not conceded. Reconsideration is requested for the 
following reasons. 

A. Claims 1-3, 7, and 10-12 

To establish a prima facie case of obviousness under 35 U.S.C. § 103(a), the cited 
references, when combined, must teach or suggest all the claim limitations, and there must be a 
suggestion or motivation to combine the references. See MPEP 2143 et seq. Herrmann, He, and 
Rosen fail to disclose all of the limitations of claim 1. As such, Herrmann, He, and Rosen do not 
render claim 1 obvious for at least the following reasons. 

Claim 1 recites a first server device that sends to the client device a second manifest that 
specifies a second plurality of checks that the client device must perform. Claim 1 also requires 
the first server device to receive, from the client device, a second status report that indicates 
results of the client device performing the second plurality of checks. In addition, claim 1 
requires that if the results of the checks show that the client device passed all of the checks, the 
first server device must send, to the client device, proof that the client device possesses a 
required configuration. 
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The current Office Action contends that Herrmann, paragraph 94, teaches that the client 

device performs checks in the manifest and sends results of the checks to the first server device. 

For instance, the current Office Action cites Herrmann, paragraph 94, with regard to the 

requirement of "the client comprises delegates that perform the checks in the manifest of checks" 

in claim 3, and the requirement of "performing the checks and forwarding the results to the 

policy server" in claim 13. Herrmann, paragraph 94, is reproduced below: 

Upon receipt of the policy challenge, at step 711 the client collects policy 
information and responds to the policy challenge . On the client device, an EAP- 
ZLX dynamic link library (DLL) is invoked to obtain the required policy 
information and to generate a response packet including the policy information. In 
the currently preferred embodiment, the EAP-ZLX DLL calls an application 
programming interface of the local TrueVector security service on the client 
device to query the policy state and machine state, and a login message in XML 
format containing the policy information is generated and is packaged inline in an 
(unwrapped) extended EAP Packet (of type EAP-ZLX) for transmission to the 
proxy server (and ultimately to the policy server). The response packet that is 
generated is then sent from the client in reply to the policy challenge. 

The underlined portion of Herrmann, paragraph 94, describes how, in response to a policy 
challenge, the client device collects policy information and includes the policy information in a 
reply to the policy challenge. This does not, by itself, imply that the client does anything more 
than collect information already present on the client. For example, the use of the word "query" 
generally implies retrieval of data from a database, illustrating that the client does nothing more 
than collect information already present on the client. 

By citing Herrmann, paragraph 94, the current Office Action suggests that a policy 
challenge that requires the client device to collect policy information teaches a manifest of 
checks that the client device must perform. Throughout Applicants' disclosure, the term "check" 
is used in the sense of a "test." For example, in Applicants' specification, the term "check" is 
used in phrases like "the checks should be performed" and "if the client passed all of the 
checks." 

Given that the term "check" connotes a test, sending a policy challenge that causes a 
client device to collect policy information, as described in paragraph 94 of Herrmann, does not 
teach or suggest sending a manifest of checks that the client device must perform, as required by 



13 



U.S. Patent Application Serial No. 10/823,686 



claim 1 . Therefore, paragraph 94 of Herrmann does not teach or suggest this requirement of 
claim 1. 

In addition, claim 1 requires the first server device to store a Bill of Health (BoH) for the 
client device when the second status report indicates that the client device passed all of the 
checks in the second plurality of checks, the BoH comprising a creation time of the BoH, an 
expiration date of the BoH, a manifest version identifier that identifies a version number of the 
second manifest, and an integrity check. The current Office Action does not cite art that teaches 
this requirement of claim 1. 

For at least these reasons, the current Office Action does not cite art that teaches all 
elements of claim 1. Because the current Office Action does not cite art that teaches all elements 
of claim 1, the current Office Action does not provide a prima facie case of obviousness under 35 
U.S.C. § 103(a) against claim 1 and its dependent claims 2, 3, 7, and 10-12. Accordingly, 
Applicants respectfully request reconsideration and allowance of claims 1-3, 7, and 10-12. 

B. Claims 13, 14. and 18 

Claim 13 recites, in part, performing, at the client device, the checks in the manifest of 
checks and sending results of the checks to the first server device. Claim 13 also recites 
receiving, at the client device from the first server device, a certificate that provides proof that 
the client device possesses the required configuration, wherein the certificate comprises a serial 
number of a BoH for the client device stored at the first server device, an address of the first 
server device, and a digital signature, and wherein the BoH comprises a creation time of the 
BoH, an expiration date for the BoH, a manifest version identifier that identifies a version 
number of the second manifest, and an integrity check. Claim 13 is therefore allowable for at 
least similar reasons to those provided above. Reconsideration and allowance of claim 13, as 
well as claims 14 and 18 that depend therefrom, are therefore requested. 

C. Claims 23 and 24 

Claim 23 recites receiving, at the first server device, a proof from the client device that 
the client device has a required configuration, wherein the proof specifies a serial number of a 
Bill of Health (BoH) generated by a trusted server device that only generates the BoH when the 
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trusted server device receives, from the client device, a status report that indicates results of 
checks specified in a manifest sent to the client device by the trusted server device and the results 
of the checks show that the client device passed all the checks. Claim 23 is therefore allowable 
for at least similar reasons to those provided above. Reconsideration and allowance of claim 23, 
as well as claim 24 that depends therefrom, are therefore requested. 

D. Claim 28 

Claim 28 recites performing, at the client device, the checks in the manifest of checks and 
sending the results of the checks from the client device to the first server device. Claim 28 
further recites receiving, at the client device from the first server device, a certificate that 
provides proof that the client device possesses the required configuration, wherein the certificate 
comprises a serial number of a BoH for the client device stored at the first server device, an 
address of the first server device, and a digital signature, and wherein the BoH comprises a 
creation time of the BoH, an expiration date for the BoH, a manifest version identifier that 
identifies a version number of the second manifest, and an integrity check. Claim 28 is therefore 
allowable for at least similar reasons to those provided above. Reconsideration and allowance of 
claim 28 are therefore requested. 

E. Claim 29 

Claim 29 recites instructions including performing, at the client device, the checks in the 
manifest of checks and sending the results of the checks to the first server device. Claim 29 also 
recites receiving, at the client device from the first server device, a certificate that provides proof 
that the client device possesses the required configuration, wherein the certificate comprises a 
serial number of a BoH for the client device stored at the first server device, an address of the 
first server device, and a digital signature, and wherein the BoH comprises a creation time of the 
BoH, an expiration date for the BoH, a manifest version identifier that identifies a version 
number of the second manifest, and an integrity check. Claim 29 is therefore allowable for at 
least similar reasons to those provided above. Reconsideration and allowance of claim 29 are 
therefore requested. 



15 



U.S. Patent Application Serial No. 10/823,686 



II. Herrmann, He, Rosen, and Saito 

Claims 4, 5, 8, 9, 15-17, 25, and 26 are rejected under 35 USC § 103(a) as being 
unpatentable over Herrmann in view He, in view of Rosen, and further in view of Saito et al. 
(U.S. Patent No. 6,275,941, hereinafter "Saito"). This rejection is respectfully traversed, and the 
correctness of the rejection is not conceded. Reconsideration is requested for the following 
reasons. 

Claims 5, 8, 15-17, 25, and 26 are canceled. Claims 4 and 9 depend from claim 1. Saito 
does not remedy the shortcomings of Herrmann, He, and Rosen noted above. Claims 4 and 9 are 
therefore allowable for at least the reasons discussed above with respect to claim 1. 

Conclusion 

In light of the above remarks and amendments, it is believed that the application is now 
in condition for allowance and such action is respectfully requested. Should any additional 
issues need to be resolved, the Examiner is requested to telephone the undersigned to attempt to 
resolve those issues. 

The Commissioner is hereby authorized to charge any deficiencies or credit any 
overpayment with respect to this patent application to deposit account number 13-2725. 

Respectfully submitted, 
MERCHANT & GOULD P.C. 
P.O. Box 2903 

Minneapolis, Minnesota 55402-0903 
(612) 332-5300 

Date: October 16, 2008 /Albert W. Vredeveld/ 

Name: Albert W. Vredeveld 
Reg. No.: 60,315 
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